Sometime back I published an article “What it Really Takes to Stand up a SOC”. This included a MindMap showing everything you need to consider while making a decision about establishing an internal Security Operations Center. Since then, many people have asked questions about estimating budget for standing up an internal SOC.

The following table shows a sample cost for SOC personnel. The annual salary and benefits may vary from state to state (or countries). The number of people are estimated for running a 24×7 SOC with 3 analysts in first shift and two analysts in second and third shifts. See my other blog post about how I came up with these numbers. This is a recurring annual cost.

Capital Cost for Technology

Following table shows estimated cost of technology. This may vary depending upon size of your organization but I have tried to cover major expenses. As an example, the cost of SIEM may be much smaller or quite large depending upon geographical locations, amount of data collected, applications, and so on. This is to give you a starting point.

Other Annual Recurring Costs

The following table provides estimate of other recurring costs. I have intentionally left the first two rows empty to enable you add depreciation and software maintenance costs. As a simple rule, use 20% of your capital expense as annual depreciation and maintenance cost. Your accounts department can help you get a more realistic number here.

Putting it All Together

Following is the complete picture of the sample budget calculator. Once again I will encourage to download the calculator and make changes as you deem necessary.